Regarding Cargo.lock
, the recommendation always was to include it in version control for application/binary crates, but not library ones. But tendencies changed over time to include it even for libraries. If a rust-toolchain
file is tracked by version control, and is pinned to a specific stable release, then Cargo.lock
should definitely be tracked too [1][2].
It's strictly more information tracked, so there is no logical reason not to include it. There was this concern about people not being aware of --locked
not being the default behaviour of cargo install
, giving a false sense of security/reliability/reproducibility. But "false sense" is never a good technical argument in my book.
Anyway, your crate is an application/binary one. And if you were to not change the "*"
dependency version requirement, then it is almost guaranteed that building your crate will break in the future without tracking Cargo.lock
;)
We already knew it was from mastoclowns, for mastoclowns.
The details and which "e-celebs" are involved is immaterial.
No one relevant (or merely sane) cared, cares, or will ever care about that scene's rage-circlejerk choice of the day.